Unrated severityOSV Advisory· Published Jan 7, 2026· Updated Jan 7, 2026

LibreChat has Insufficient Access Control for Agent Permission Queries

CVE-2025-69221

Description

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control when querying agent permissions. An authenticated attacker can read the permissions of arbitrary agents, even if they have no permissions for this agent. LibreChat allows the configuration of agents that have a predefined set of instructions and context. Private agents are not visible to other users. However, if an attacker knows the agent ID, they can read the permissions of the agent including the permissions individually assigned to other users. This issue is fixed in version 0.8.2-rc2.

Affected products

Danny Avila/LibrechatOSV
Range: chart-1.9.0, chart-1.9.1, chart-1.9.2, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/danny-avila/LibreChat/commit/06ba025bd95574c815ac6968454be7d3b024391cmitrex_refsource_MISC
github.com/danny-avila/LibreChat/releases/tag/v0.8.2-rc2mitrex_refsource_MISC
github.com/danny-avila/LibreChat/security/advisories/GHSA-5ccx-4r3h-9qc7mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000